There was a lot covered at this year’s 2022 RhythmWorld Security Conference! In one of our more technical sessions, we discussed Microsoft Sysinternals’ recent release of Sysmon for Linux, an open-source Linux system monitoring tool.

You can find the project on its GitHub page, which hosts the documentation and source; there are already plenty of resources covering how to download, install, and configure Sysmon for Linux. In this blog, we will cover the next steps: how to use the logs it generates, and where they fit best within LogRhythm SIEM.

Sysmon for Linux has a lot in common with Sysmon for Windows in how it is configured and how it generates logs. Of course, the differing operating system architectures bring some changes, too.